-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CVE-2020-36518] move jackson-databind to 2.13.2 #2544
Conversation
Signed-off-by: Peter Nied <petern@amazon.com>
…reate them Signed-off-by: Peter Nied <petern@amazon.com>
@saratvemulapalli I am attempting to merge this PR onto |
I believe the gradle check failure is resolved with #2543
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@peternied yes. please update the version on main first and then backport through applying the backport labels. This way we have a seamless upgrade across branches.
Thanks for this @nknize. I missed the change is merging to 1.x :). |
Closing in favor of #2548 |
Description
Security took a fix for a opensearch-project/security#1687 and now is seeing a jar hell conflict. This will fix that conflict and fix the CVE in this version of OpenSearch
Check List
New functionality includes testing.All tests passNew functionality has been documented.New functionality has javadoc addedBy submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.